Google Hacked the ‘Skeptical Science’ Website

Despite my joking comments about having mad haxor skillz being a source of amusement for many people, it appears some people actually believe I hacked the Skeptical Science forum’s website. Rob Honeycutt, a key team member at Skeptical Science, has referred to my actions, saying things like:

“Back door” was used by me as a metaphor. Hack = “To break into comp sys with malicious intent.” An easy hack is still a hack.

when did theft become legal?

When Shub Niggurath expressed his disbelief at my actions being called hacking, Honeycutt explicitly said it was hacking:

Yes, accessing involved effort and some determination to filter thru 1000’s of images 2 locate 1s that cld be taken out context.

Clearly, Rob Honeycutt claims my “effort” to find this directory was hacking. The problem for Honeycutt is Google used the exact same process.

That means, according to Rob Honeycutt, Google hacked Skeptical Science!

And according to Honeycutt, that makes Google dumb:

Personally, I disagree. I think the only person who was “dumb enough to publicly expose private files” was John Cook for configuring his server to have “private files” displayed in a public directory. It seems to me Honeycutt is damning his own team with his comments. And he really nails them in the follow-up exchange:

Look at this Skeptical Science post. That post currently links directly to six stolen documents. Those documents were illicitly obtained by Peter Gleick, and Skeptical Science happily promotes their dissemination. According to Rob Honeycutt, that is dumb and unethical.

98 thoughts on “Google Hacked the ‘Skeptical Science’ Website”

They’re peed off because their likely scam (to fabricate a supposed ad hom attack from sceptics by use of the pics) was foiled. I can’t think of any other reason for them making the pics in the first place.

If it’s in a publicly accessible directory, and it’s crawlable, there can be absolutely no expectation of privacy. The analogy I’d use is a public figure walking around naked in front of the windows, then complaining that the media is publishing pictures of it.

Besides, nobody actually cares. I’m more amused by their inability to comprehend how their web server works than the childish images they had in there.

All these images were placed in a public directory (as evidenced by the fact that a person could simply go to the right URL and view them, without a password or anything).

All these public images were linked from a public web page (see screenshot above).

There was no notice to search engines saying that they were not supposed to look (using robots.txt) at these public files or the public web page linking to them.

There was no notice to people saying that they were not supposed to look at these public files or the public web page linking to them.

How was anybody supposed to know that despite all this publishing to the public, that they were intended to be private? Telepathy?

Complaining about these public files is like parading in fancy dress in the street with a neon sign saying “look at me”, then allowing national media (newspapers etc) to show pictures of the event, and only after all that complaining people weren’t supposed to look at your “private” antics.

IF you publish it to a live, public spot, it is fair game. “Security through obscurity” is NOT a security method. Simply pulling up a directory is NOT a “hack” and I can’t imagine that it would pass a laugh test in court.

Having said that — wanna bet that the AGW alarmists are probing sites like this to find that file that says, “Exxon and BP are sending us a big check to publish their latest planted scientific-looking graph”? Cause you KNOW they are. Heck, betting they’d PLANT it, then wait for another leftist hacker to find it! Ask people on the Right who have had their email hacked how the Left operates. Obama’s data collection in the last 2 elections borders on “very damned spooky” and I have to wonder where that data really came from (*cough*NSA*cough*).

In my opinion the SKS people should be thankful that these images came to light now. People with no real concept of internet security shouldn’t be planning things like “false flag operations”, if that is indeed what they were planning.

If these images had been fired in anger just how long do you think it would have been before they were traced back to SKS and nailed embarrassingly to their door. I would give it less than a day. Look at how long it took before Gleick was identified.

The premature discovery leaves room for the SKS people to claim uncertainty as to what exactly the images were intended for. Perhaps they were not planning to use them to try to discredit skeptics. Maybe they just have a bit of a strange nazi fetish.

You’d think a bunch of propagandists like the folks at SkS would have the sense to keep quiet about this so it’d blow over. The more they talk about it the longer they keep it alive and current in people’s minds. But nothing these guys do really surprises me anymore.

I’ve worked in IT since the mid 80’s. In no way was what Anthony did any kind of hack. All the software, though poorly configured, was behaving exactly as configured. No attempt was made to compromise accounts/passwords. No attempt was made to subvert the normal operation of any system. He just accessed it. As a previous poster just pointed out, obscurity is not security. Obscurity is a valid strategy as part of an overall security policy, but if it’s the only arrow in your quiver then you clearly don’t have a clue.

Other than the possibility of brewing a false flag attack, it is incomprehensible. But then so is SkS general attempt to defend the indefensible, whether climate science itself, or their 97% consensus about it that Brandon helped expose elsewhere.
The SkS crowd should learn to follow Churchill’s advice that it is better to remain silent and be thought a fool than to speak and remove all doubt.
Good show, Brandon. Enjoying it.

I recently attended a seminar of a renowned security expert (one of the top 15 in the world). Over 90% of “hacking” is social engineering. Basically what Gleick did. He never mentioned web crawlers as a source of hacking.

R Honeycutt? Was that not a character in Asimov’s robot series?
I love this clown’s, whatever his real name is, logic.
If he does it, it is A Ok.
If it is done to him, it is a low dishonest blow, by evil people.
Sounds like a product of our public school system for sure.
This ethical disconnect is the trait of a cult, in a collective of weak minded people, like the “cause”, the chosen ones are automatically given a pass, but any who doubt are evil by definition.
Brings to mind the old joke of a man so crooked, that he cannot walk straight.

Our ‘side’ has got to get professional, ASAP. We don’t need to blog. We need to network. Every single blog, organisation, movement is like a platoon in an army. ..This has a lot of similarities to the Vietnam War….And the skeptics are the Viet Cong… Not fighting like ‘Gentlemen’ at all. And the mainstream guys like Gleick don’t know how to deal with this. Queensberry Rules rather than biting and gouging.

..So, either Mother Nature deigns to give the world a terrifying wake up call. Or people like us have to build the greatest guerilla force in human history. Now. Because time is up…Someone needs to convene a council of war of the major environmental movements, blogs, institutes etc. In a smoke filled room (OK, an incense filled room) we need a conspiracy to save humanity.

Crazy? Perhaps. But note: either Mother Nature deigns to give the world a terrifying wake up call. Or people like us have to build the greatest guerilla force in human history, sic.
Well, the world didn’t work like they guessed it would. So they are committed to guerrilla warfare in the sphere of public thought.

If Gleick was weak in their eyes then morality has been jettisoned. Theft, deceit and fraud is OK for The Cause.

Their cause is beyond good and evil in their eyes.
But only their eyes.
At least, my insight into their psychology is that they are not beyond merely failing to be good.

If I understand this, Honeycutt is arguing that accessing files in the normal manner from a public web site is unethical if the owner of the web site did not intend to make those files public.

I guess the theory is that you don’t have the right to enter a stranger’s house even if he leaves the front door unlocked. Such a theory might find support if there was a good reason for a web surfer to think those files were never intended to be made public. Was there any such reason? I can’t imagine what it might even be.

Look, we can’t expect “progressive” climate alarmists to live up to the standards of conduct they expect from others. They don’t have any standards. Their mantra is “no rules, only results”. So in their minds, the end justifies the means no matter what the means.

We are not dealing with what we would consider normally adjusted people here. We are dealing with people who have a profound sense of entitlement and “noble cause” corruption runs rampant through these circles. They believe that unethical behavior is justified if it is for the advancement of what they see as a noble goal.

Basically, they are about as emotionally mature as your average 8 year old, so behavior such as this does not surprise me. They play many of the same social games that kids on an elementary playground do. If you don’t “believe” in their theories, then you have “cooties”.

Honeycutt…”Yes, accessing involved effort and some determination to filter thru 1000′s of images 2 locate 1s that cld be taken out context.”

If they were taken out of context, please put them in context. I really want to know in what context they should be taken.

There may be a completely rational explanation for wanting to be portrayed that way, so yes, the correct “context” would help me out here and probably prolong my enjoyment of this peek into the minds of the chosen ones.

Clearly two sets of rules. Actually, it’s worse than that. What’s perfectly legit is seen as unethical if we do it (glancing through a public directory), and what’s outright criminal legally (Gleick = theft and forgery) is seen as perfectly fine and dandy as it’s an attempt to further the Cause.

I used to think there were some wool-over-the-eyes issues with the CAGW crowd, but it’s looking more and more as though they are wilfully obtuse as they continue to present such discrepancies and imbalances as innocent or, worse, justified.

As for the uniforms they adopted… I don’t know. I have the creepy feeling this is how they see themselves – the Master Race.

When you GET/POST, you are effectively asking for, and receiving an official response to a request. You aren’t just reaching in and stealing something.

Or maybe it’s a bit like knocking and having someone come to the door. Whereas what Zuckerberg did to hack Harvard Crimson accounts (vis a vis using the identical passwords that the users stored in his Facebook database) is like copying someone’s keys and gaining access.

There are some blurry lines in the world of hacking, but this is not one of them.

What’s that mom? Nazi files? Why did Dad find that I have pictures of me and my playmates dressed as nazis?

Oh wait, Ma! Dad is a sneaky spy, that’s the real issue here! Let’s punish dad for noticing my nazi pictures that I left on the top of my desk! That’s really the problem here ma, really, not that I’m into nazis, stink of sauerkraut, and walk with really stiff legs lately! So let’s straighten Dad out — no more looking at stuff I leave around in plain sight. Yavoltz?

James Smyth says:
August 13, 2013 at 2:19 pm
““I guess the theory is that you don’t have the right to enter a stranger’s house even if he leaves the front door unlocked. ”
No, that’s a bad analogy. HTTP access is a request/response paradigm.”

A webserver is not some stranger’s house. A webserver is a shop that sells newspapers. It’s MADE for publishing stuff.
The theory is therefore that you don’t have the right to enter a stranger’s NEWSPAPER SHOP if he leaves the front door unlocked… Shopowners HATE it when customers enter, donchaknow!

I guess that they somehow missed website admin 101 that states “Never post anything in a public file/folder that you wouldn’t be happy being splashed across the front page of the (Insert your national newspaper name here/billboards).” I said last week they needed a 14 year old to run the admin side. I wasn’t joking. These blokes don’t have a clue what they are doing. Which is very entertaining for the rest of us. There are a number of For Dummies books that they could have read that would have pointed them in the right direction re web admin and security.

Sometimes, when I don’t want to sort through them all at once, & I have a certain nagging suspicion that the webmastur[sic] will suddenly lock access to the directory in question, I’ll use the old friend:
$ wget --mirror http://www.sample-url.com/files/directory_i_want/
I suppose using the command line would be extremely criminal hacking, to some of these (not terribly sharp) tools.

“Perhaps they were not planning to use them to try to discredit skeptics. Maybe they just have a bit of a strange nazi fetish.”

I don’t think they have the collective brains to organise a black flag op. Jeez, they can’t even run a web server and get it right!

Nazi fetish, I doubt. More likely they think Nazis were tough and ruthless and devastatingly effective (for a while). Not having any moral constraints on how they take over the world probably appeals too.

They seem rather confused as to what role they wish to play in all these pseudo-military metaphors but they long to be tough (and effective).

In short they are the most pathetic bunch of losers imaginable.

That’s the missing “context”. No black flags, there’s nothing more complicated or confusing about it. Just a sorry bunch of jerks with high school mentalities.

Even if you were to accept the house metaphor instead of the shop metaphor, this isn’t like someone entering the house, this is like the residents taping pictures to the inside of the windows, facing out, and then being incensed that people walking by see the pictures.

Even worse, people are *thinking* about those pictures and their context, which is like evil horrible denier behavior.

I think normally you assign a default web page to every directory in a public web server to prevent a directory from being seen as a list of files that could then be accessed individually, without using any links from pages in the website. That is, if you don’t want to present the list of files, or you know anything about how the web works.
No hacking here, I think, just surfing.

I never said it was a good analogy. I was trying to fathom Honeycutt’s thinking.

If it was obvious that something was intended to be private but had inadvertently been made public, I might support Honeycutt’s objections. But how could one possibly know that about material on a web site?

“I guess the theory is that you don’t have the right to enter a stranger’s house even if he leaves the front door unlocked. ”

No, that’s a bad analogy. HTTP access is a request/response paradigm.

The URL path shows a directory with a name. One may attempt to browse the directory directly. Just because there is not an explicit link to it anywhere doesn’t mean it is wrong to browse the directory. If you don’t want people to browse the directory whose existence is published publicly, then protect it. You can’t prevent people driving on your street just because you remove the street sign, though that might reduce traffic a bit. The fact that the street is there and is accessible by the general public and is published in your house address does not mean people can’t take a walk or a drive up that street and look at all of the other addresses. If you don’t want traffic, install a gate.

David, UK says:
August 13, 2013 at 1:11 pm
They’re peed off because their likely scam (to fabricate a supposed ad hom attack from sceptics by use of the pics) was foiled. I can’t think of any other reason for them making the pics in the first place.
—————————————
Maybe, since they behave like him, Joseph Goebbels is their hero, and they like to play at being his soldiers.

The word “chilling” is used too often in the media IMO, but I think it is appropriate for a reading of the Wikipedia entry for Goebbels. Here’s how it ends:

” Joachim Fest writes: “What he seemed to fear more than anything else was a death devoid of dramatic effects. To the end he was what he had always been: the propagandist for himself. Whatever he thought or did was always based on this one agonizing wish for self-exaltation, and this same object was served by the murder of his children … They were the last victims of an egomania extending beyond the grave. However, this deed, too, failed to make him the figure of tragic destiny he had hoped to become; it merely gave his end a touch of repulsive irony.” “

…and by my count (copying the listing into MS Word and assigning line numbers to the document) there are 329 images, not thousands.

Yup. I told him there weren’t thousands of images, several times. He refused to address the issue. I have no idea where he got that number from, but it’s funny Google cache proves him wrong. It’s bad when you can’t get even the simplest things right.

By the way, isn’t it libel to falsely and baselessly accuse someone of criminal activities like he has? It obviously wouldn’t be worth the trouble of pursuing, but it would be interesting.

What I want to see is the gang at SkS explaining exactly why these images were made. We should push them on this (perhaps a post at WUWT publicly inviting them to explain?).

I personally believe they were made as part of a false-flag operation to discredit sceptics. If we could find evidence of this (maybe discussed somewhere on SkS forum?) it would demonstrate exactly what kind of imbeciles Cartoonist Cookie, Nuttyjelly, Honeynut, et al really are.

Just because there is not an explicit link to it anywhere doesn’t mean it is wrong to browse the directory. If you don’t want people to browse the directory whose existence is published publicly, then protect it. Y

My point is that even when you use words like “browse the directory”, you are actually using HTTP GET to request that the server provide you with the contents of the directory. And then you similarly GET the files. That’s why most of the analogies of walking into a house, an empty store are lame. It’s much more the case of the house/shop owner being present and giving you what you are asking for.

rabbit writes “I guess the theory is that you don’t have the right to enter a stranger’s house even if he leaves the front door unlocked.”

Because SkS is a public website, I think the analogy would be being invited into the house and encouraged to look around but not behind that door over there. That one is out of bounds even though there is no sign or indication it should not be opened

So, SkS, supports Peter Gleick’s confessed ID theft and data theft to the point of promoting it. And that is OK with SkS. And now SkS is mad as all get out because their own public files were used by a member of the public, and broadcast to the public.
Thanks for the laughs,

Not sure if the problem is on your end or mine, but twice when I tried to open the home WUWT home page on my iPad, the iPad went to the iPad app app. Was able to work around by quickly linking to a story. Wondering if someone is counter-a-hacking.

You should have a lawyer send him a letter demanding a published apology.

I’m pretty sure the cost of getting a lawyer to do anything would be far greater than any possible return. A couple posts from an unimportant person on Twitter are not worth the trouble. Maybe it’d be worth the trouble if this had been in a post on Skeptical Science.

At the end of the day, this is deeply embarrassing for Cook. There is no excuse for this, none at all. While I don’t believe Cook is in any way a nazi, the difference now is that anyone is free to call him one. There is no defense on this issue. I also do not believe Mike Mann is a nazi, but the difference now is that anyone is free to propose that he could be, because it’s possible Cook is, since they are both seen in photos and seem like friends. Will Real Climate remove sKs from its blog roll? I mean, is it possible Real Climate are also nazi sympathizers? The possibilities are endless…

What was done to access those images was not a hack. I’ve been running websites in one form or another for the best of 20 years (there in the early days) and this ain’t no hack; not by a country mile. A rather badly set up web server by someone with little ‘practical’ security awareness – probably. A hack – nope! I just hope whoever set up the web server does not manage anything really important..

James Smyth says:
August 13, 2013 at 5:37 pm
“My point is that even when you use words like “browse the directory”, you are actually using HTTP GET to request that the server provide you with the contents of the directory. And then you similarly GET the files. That’s why most of the analogies of walking into a house, an empty store are lame. It’s much more the case of the house/shop owner being present and giving you what you are asking for.”

On the HTTP level you’re right; on the HTML level not (HTML is a higher level; it doesn’t care for the technicalities of GET and POST).

Just like a biologist classifying species doesn’t obsess about nuclear physics.

Jimbo says:
August 13, 2013 at 3:58 pm
“In 2011 Rob Honeycutt made some confident statements on NoTricksZone about climate forcing and continued warmth. Dana was there too with gusto.”

That was when the Sks boys tried to gang up on skeptic blogs in the style of the Spanish Inquisition. It is documented in their first secret forum leak where they dream of becoming the biggest guerilla army of the world. Unfortunately, they had no scientific argument to bring to the table.

The key question is why did Cook and his leadership group at his Skeptical[-less] Science site portray themselves as German fascists in their weird images?

It is a different question than asking what was their purpose in making the weird images.

Is the reason why they chose to portray themselves as German fascists that they thought it was the most funny of all possible themes? If it is the reason then the ‘consensus’ climate science community has a situation. Namely, how to disenfranchise Cook and his leadership group at his Skeptical[-less] Science site?

A folder that allows for user uploads is almost always going to be publicly accessible, otherwise, how would users be able to upload their files to it? The mistake the forum made was that they didn’t turn off listing the contents of the directory. If they had, accessing that directory would give a big FORBIDDEN message. It’s “Running a Web Server 101”.
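The behaviour discussed in the comments above (an auto-generated listing, a default index page that hides it, and a Forbidden response once listing is turned off) can be reproduced on a loopback test server. This is an added example, not part of the original thread or any site's own code; Python's built-in http.server stands in for the forum's unnamed web server, and the uploads directory and picture1.txt are constructed sample names.

```python
import http.client
import http.server
import tempfile
import threading
from functools import partial
from pathlib import Path


class QuietHandler(http.server.SimpleHTTPRequestHandler):
    """Stock handler: auto-generates a listing for a directory with no index file."""

    def log_message(self, *args):  # silence per-request logging for the demo
        pass


class NoListingHandler(QuietHandler):
    """Still serves individual files, but refuses to generate a directory index."""

    def list_directory(self, path):
        self.send_error(403, "Directory listing is disabled")
        return None


def fetch(port, path):
    """GET a path from the loopback test server; return (status, body)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.read().decode("utf-8", "replace")
    finally:
        conn.close()


def probe(handler_cls, with_index=False):
    """Serve a constructed upload folder and report what an anonymous GET sees."""
    with tempfile.TemporaryDirectory() as root:
        uploads = Path(root, "uploads")
        uploads.mkdir()
        (uploads / "picture1.txt").write_text("constructed sample upload")
        if with_index:  # the "default web page" approach from the thread
            (uploads / "index.html").write_text("<html>nothing here</html>")
        server = http.server.ThreadingHTTPServer(
            ("127.0.0.1", 0), partial(handler_cls, directory=root))
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            dir_status, dir_body = fetch(server.server_port, "/uploads/")
            file_status, _ = fetch(server.server_port, "/uploads/picture1.txt")
        finally:
            server.shutdown()
            server.server_close()
        return {"dir_status": dir_status,
                "names_listed": "picture1.txt" in dir_body,
                "file_status": file_status}


if __name__ == "__main__":
    print("listing on    ", probe(QuietHandler))
    print("index.html    ", probe(QuietHandler, with_index=True))
    print("listing off   ", probe(NoListingHandler))
```

In all three cases the file itself is still returned to anyone who requests its exact URL, so hiding the listing only removes the table of contents. Files that are meant to be private need authentication on the directory or storage outside the web root.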

“Yeah, if you could not hack into our publicly accessible directory you found from a public link that lists all of the publicly accessible files that would be great.”

SKS has been hacked before. One hacker sent me the reasons for my comments being suppressed by various “Moderators”. The SKS moderators don’t tolerate anything that does not conform to the SKS creed. They behave like religious bigots rather than scientists: